Thanks for this effort, the updated certmonger module looks much
better! This
will help us get rid of the non-standard communication with certmonger.
Just couple initial comments from me by reading the code:
1) Testing needs fixed version of certmonger, right? This needs to be
spelled
out right with the patch.

Do we want to continue using the "criteria" object or should we rather
switch
to normal function options? I.e. rather using
request_id = certmonger.get_request_id(cert_nickname=nickname,
cert_storage_location=dogtag_constants.ALIAS_DIR)
? It would look more consistent with other calls. I am just asking,
not insisting.

I've no preference here. It seems to be a very small change. Has anyone
a reason to do it one way and not the other?

I think I used this criteria thing to avoid having a bazillion optional
parameters and for future-proofing. I think at this point the list is
probably pretty stable, so I'd base it on whether you care about having
a whole ton of optional parameters or not (it has the advantage of
self-documenting itself).

The list is probably stable but also really excessive. I don't think it
would help to have more than dozen optional parameters. So I prefer to
leave as-is and change it in future if it is wanted.

I see 2 issues related to this code:
a) Do not call SYSTEMCTL directly. To be platform independent, rather use
services.knownservices.messagebus.start() that is overridable by
someone else
porting to non-systemd platforms.

Is there anything that can't be done using ipalib/ipapython/ipaplatform?

It can't make coffee (yet).

b) In this case, do not use "raise e", but just "raise" to keep the
exception
stack trace intact for better debugging.

Every day there's something new to learn about python or FreeIPA.

Both a) and b) should be fixed in other occasions and places.

I found only one occurence of a) issue. Is there some hidden or are you
talking about the whole FreeIPA project?

4) Feel free to add yourself to Authors section of this module. You
refactored
it greatly to earn it :-)